Abrt in blink::ReportFatalErrorInMainThread
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6720597100593152

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x053900000001
Crash State:
  blink::ReportFatalErrorInMainThread
  v8::Utils::ReportApiFailure
  v8::internal::HandleScope::Extend
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=616179:616203

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6720597100593152

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
Dec 17
It bisects to 523efae2ae9590d0bc4c0229277020db49fb5438, and it doesn't happen after ff19f4443204410b3be71c476d23c716db18c800. That said, even if it doesn't happen, this isn't something I'd expect from that change. The crash happens because we try to create a handle without a handle scope. peria@, is this expected? Can you explain why a seemingly unrelated change would change this behavior? Should we still be acquiring the handle scope somewhere in this callstack?
Dec 18
You're right. The regression and the fix do not expect this failure. I'm taking another look into this. Thank you for the report.
Dec 19
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/3fa79077d533c4c9a547487c90df437df34ef1d5

commit 3fa79077d533c4c9a547487c90df437df34ef1d5
Author: Hitoshi Yoshida <peria@chromium.org>
Date: Wed Dec 19 08:13:42 2018

bindings: Have a handle scope in V8PersistentCallbackFunctionBase

V8PersistentCallbackFunction makes a V8 handle in its constructor. But it is not guaranteed to be called in a V8 handle scope, and there is a case that fails. This CL makes a V8 handle scope to keep the V8 handle alive.

Bug: 915403
Change-Id: I5b683d6722c4ce660b1d84387510ebfcfe64ef37
Reviewed-on: https://chromium-review.googlesource.com/c/1381295
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Commit-Queue: Hitoshi Yoshida <peria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#617766}

[modify] https://crrev.com/3fa79077d533c4c9a547487c90df437df34ef1d5/third_party/blink/renderer/platform/bindings/callback_function_base.cc
Dec 19
ClusterFuzz has detected this issue as fixed in range 617060:617061.

Detailed report: https://clusterfuzz.com/testcase?key=6720597100593152

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x053900000001
Crash State:
  blink::ReportFatalErrorInMainThread
  v8::Utils::ReportApiFailure
  v8::internal::HandleScope::Extend
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=616179:616203
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=617060:617061

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6720597100593152

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 19
ClusterFuzz testcase 6720597100593152 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 15
Labels: Test-Predator-Auto-Components